In the Claims: 

Please amend Claims 57, 63, 72 and 81, all as shown below. Applicant respectfully 
reserves the right to prosecute any originally presented or canceled claims in a continuing or 
future application. 
Listing of Claims 
1-56 (Previously Cancelled) 

57. (Currently Amended) A system for maintaining security in a distributed computing 
environment, comprising: 

a policy manager located on a server for; 

creating a local security policy derived from a global security policy, said global 
security policy including a plurality of rules applicable to all application guards in the system, 
wherein creating the local security policy includes selecting a subset of the plurality of rules of 
the global security policy, said subset being applicable to a specific application guard at a client; 
and for 

distributing the local security policy to a said client wherein the local security 
policy includes a p l ura li ty the subset of rules customized to the client, said p l ura li ty subset of 
rules including a set of grant rules that allow access to securable components and a set of deny 
rules that prevent access to said securable components; and 

an application guard located at the client for managing access by individual transactions 
to securable components at a client level as specified by the local security policy, the securable 
components including at least one application wherein said application guard is integrated into 
said application ; 

wh e r ei n th e po li cy manag e r r e c ei v e s a g l oba l s e cur i ty po li cy that i nc l ud e s a p l ura li ty of 
ru l os for regu l at i ng access to sa i d socurab l o components and whoro i n tho po li cy manager 
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custom i zos tho l oca l secur i ty po li cy by so l oct i ng a subset of ru l es from tho g l oba l secur i ty po li cy 
that ar e app li cab le to th e app li cat i on guard and d i str i but e s th e subs e t to th e app li cat i on guard; 

wherein the application guard receives an authorization request including a subject, an 
object and a privilege and evaluates said request by matching the subset of rules received from 
the policy manager to said subject, said object and said privilege in order to control access to 
said securable components. 

58. (Previously Presented) The system of Claim 57 wherein said securable components 
further include a function within the application as specified by the security policy. 

59. (Withdrawn) The system of Claim 57 including a procedure within the application as 
specified by the security policy. 

60. (Withdrawn) The system of Claim 57 including a data structure within the application as 
specified by the security policy. 

61. (Withdrawn) The system of Claim 57 including a database object referenced by the 
application as specified by the security policy. 

62. (Withdrawn) The system of Claim 57 including a file system object referenced by the 
application as specified by the security policy. 

63. (Currently Amended) A method for maintaining security in a distributed computing 
environment, comprising: 
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receiving a global security policy that includes a plurality of rules for regulating access to 
securable components in the system, the securable components including at least one 
application wherein said rules of the global security policy apply to all application guards in the 
distributed computing environment ; 

creating a local security policy via a policy manager located on a server, the local 
security policy including a plurality of rules customized to a client wherein creating the local 
security policy includes customizing the local security policy by selecting a subset of rules from 
the global security policy that is applicable to an a specific application guard located on the 
client; 

distributing the local security policy to the client; and 

receiving an authorization request by the application guard, the authorization request 
including a subject, an object and a privilege wherein said application guard is integrated into 
said application ; 

managing access as specified by the local security policy via the application guard 
located at the client to securable components wherein managing access includes comparing 
the subject, object and privilege to the subset of rules of the local security policy. 

64. (Previously Presented) The method of Claim 63 wherein the securable components 
include a function within the application as specified by the security policy. 

65. (Withdrawn) The method of Claim 63 including a procedure within the application as 
specified by the security policy. 

66. (Withdrawn) The method of Claim 63 including a data structure within the application as 
specified by the security policy. 
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67. (Withdrawn) The method of Claim 63 including a database object referenced by the 
application as specified by the security policy. 

68. (Withdrawn) The method of Claim 63 including a file system object referenced by the 
application as specified by the security policy. 

69-71. (Previously Canceled). 

72. (Currently Amended) A method for maintaining security in a distributed computing 
environment, comprising the steps of: 

receiving a global security policy that includes a plurality of rules for regulating access to 
securable components in the system, the securable components including at least one 
application wherein said rules of the global security policy apply to all application guards in the 
distributed computing environment ; 

providing a policy manager located on a server to create a local security policy including 
a plurality of rules customized to a client wherein creating the local security policy includes 
customizing the local security policy by selecting a subset of rules from the global security policy 
that is applicable to an a specific application guard located on the client; 

distributing the local security policy to the client; 

providing an application guard located at the client to manage access to securable 
components at a client level as specified by the local security policy , said application guard 
being integrated into said application ; 

receiving an authorization request by the application guard, said authorization request 
including a subject, an object and a privilege; and 

controlling access to the securable components by matching the subject, object and 
privilege to the subset of the rules by the application guard. 
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73. (Previously Presented) The method of Claim 72 wherein the securable components 
include a function within the application as specified by the security policy. 

74. (Withdrawn) The method of Claim 72 including a procedure within the application as 
specified by the security policy. 

75. (Withdrawn) The method of Claim 72 including a data structure within the application as 
specified by the security policy. 

76. (Withdrawn) The method of Claim 72 including a database object referenced by the 
application as specified by the security policy. 

77. (Withdrawn) The method of Claim 72 including a file system object referenced by the 
application as specified by the security policy. 

78-80. (Previously Canceled). 

81. (Currently Amended) A computer readable storage medium having stored thereon a set 
of instructions to execute a method for maintaining security in a distributed computing 
environment comprising the steps of: 

receiving a global security policy that includes a plurality of rules for regulating access to 
securable components in the system, the securable components including at least one 
application wherein said rules of the global security policy apply to all application guards in the 
distributed computing environment ; 
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creating a local security policy via a policy manager located on a server, the local 
security policy including a plurality of rules customized to a client wherein creating the local 
security policyjncludes customizing the local security policy by selecting a subset of rules from 
the global security policy that is applicable to an application guard located on the client; 

distributing the local security policy to the client; and 

receiving an access request by the application guard, said access request including a 
subject, an object and a privilege wherein said application guard is integrated into said 
application ; 

matching the access request to at least one rule selected from the subset of the rules in 
order to manage access as specified by the local security policy via the application guard 
located at the client to securable components. 

82. (Previously Presented) The computer readable storage medium of Claim 81 wherein the 
securable components include a function within the application as specified by the security 
policy. 

83. (Withdrawn) The computer readable storage medium of Claim 81 including a procedure 
within the application as specified by the security policy. 

84. (Withdrawn) The computer readable storage medium of Claim 81 including a data 
structure within the application as specified by the security policy. 

85. (Withdrawn) The computer readable storage medium of Claim 81 including a database 
object referenced by the application as specified by the security policy. 
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86. (Withdrawn) The computer readable storage medium of Claim 81 including a file system 
object referenced by the application as specified by the security policy. 

87-89. (Previously Canceled). 

90. (Previously Presented) The system of claim 57, wherein the application guard further 
allows for additional customized code to process and evaluate authorization requests based on 
the additional customized code. 

91. (Previously Presented) The system of claim 90, wherein the global policy specifies 
access privileges of a user to securable components. 

92. (Previously Presented) The method of claim 72, wherein the application guard further 
allows for additional customized code to process and evaluate authorization requests based on 
the additional customized code. 

93. (Previously Presented) The method of claim 92, wherein the global policy specifies 
access privileges of a user to securable components. 

94. (Previously Presented) The computer readable storage medium of claim 81 , wherein the 
application guard further allows for additional customized code to process and evaluate 
authorization requests based on the additional customized code. 

95. (Previously Presented) The computer readable storage medium of claim 94, wherein the 
global policy specifies access privileges of a user to securable components. 
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